Low severity3.7NVD Advisory· Published Apr 30, 2018· Updated Jun 17, 2026
CVE-2017-2591
CVE-2017-2591
Description
389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- unspecified/389-ds-basev5Range: 389-ds-base 1.3.6
Patches
Vulnerability mechanics
References
3- pagure.io/389-ds-base/issue/48986nvdPatchThird Party Advisory
- www.securityfocus.com/bid/95670nvdThird Party AdvisoryVDB Entry
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
News mentions
0No linked articles in our index yet.